The domain name system (DNS) is a key piece of infrastructure that most companies take for granted until a mistake leads to particularly frustrating problems, such as being unable to access the Internet or internal corporate networks, which can reduce productivity, damage the corporate brand, and hit the bottom line.

Operating as a naming system connected either to the Internet or an internal network, DNS converts easy-to-remember domain names into the numerical Internet Protocol addresses required to facilitate computer services.

While DNS is critical for the Internet as a whole and for internal corporate networks, many professionals who provide DNS solutions admit that there is a deficit in understanding of DNS, even among IT firms that should know better.

Chris Buijs, global director of services and support at EfficientIP, explained that there are essentially two sides of the story when it comes to DNS.

“DNS is used everywhere,” he said. “You have two different types of DNS if you want to separate those – public DNS, which we use for Internet, and internal DNS, which is used within enterprises or within companies. The problems are split as well. On the Internet side, you see more of a malicious type of behavior. On the internal side, you see mistakes, knowledge lack.”

While there are numerous reasons for DNS problems, Chris Gonyea, product manager of traffic management at Dyn, said that the five most common DNS issues are the following:

High TTL (time to live) values on critical DNS records that result in painful propagation waits and downtime when trying to move traffic from one server to another;

DNS service outages, whether due to a DDoS attack, hardware/network failures or another reason;

Failure to realize the impact that high DNS latency has on web performance, leading to lost sales and users;

Improperly configured, or non-configured, DNS records, such as MX, SPF and DKIM, which can adversely impact email delivery and receipt; and

Forgetting to properly renew, or losing control of, domain names.
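The first and fourth items on this list can be checked mechanically. The following audit is an added example, not code from the article or from Dyn; the zone records, the 3600-second TTL ceiling and the DKIM selector `s1` are constructed assumptions.

```python
import re

# Constructed sample records in "name ttl IN type rdata" form (documentation names/addresses).
ZONE = """\
example.com.       86400 IN A     192.0.2.10
www.example.com.   86400 IN CNAME example.com.
example.com.       3600  IN MX    10 mail.example.com.
mail.example.com.  300   IN A     192.0.2.25
example.com.       3600  IN TXT   "v=spf1 mx -all"
example.com.       3600  IN TXT   "v=spf1 ip4:192.0.2.25 -all"
"""

MAX_TTL = 3600                      # assumed policy ceiling, not a value from the article
CRITICAL = {"A", "AAAA", "CNAME", "MX"}
DKIM_SELECTOR = "s1"                # hypothetical selector; use the one your mail signs with

def parse(zone_text):
    """Yield (name, ttl, rtype, rdata) for each well-formed record line."""
    for line in zone_text.splitlines():
        m = re.match(r"(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)", line.strip())
        if m:
            yield m.group(1).lower(), int(m.group(2)), m.group(3).upper(), m.group(4).strip()

def audit(zone_text, domain):
    """Return findings for high TTLs and missing or conflicting mail records."""
    apex = domain.lower().rstrip(".") + "."
    records = list(parse(zone_text))
    findings = [f"HIGH_TTL {n} {t} {ttl}" for n, ttl, t, _ in records
                if t in CRITICAL and ttl > MAX_TTL]
    if not any(n == apex and t == "MX" for n, _, t, _ in records):
        findings.append(f"NO_MX {apex}")
    spf = [d for n, _, t, d in records if n == apex and t == "TXT"
           and d.strip('"').lower().split()[:1] == ["v=spf1"]]
    if not spf:
        findings.append(f"NO_SPF {apex}")
    elif len(spf) > 1:
        # RFC 7208: more than one SPF record for a name evaluates to permerror.
        findings.append(f"MULTIPLE_SPF {apex} {len(spf)}")
    dkim_name = f"{DKIM_SELECTOR}._domainkey.{apex}"
    if not any(n == dkim_name and t == "TXT" and "p=" in d for n, _, t, d in records):
        findings.append(f"NO_DKIM {dkim_name}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(ZONE, "example.com")))
```

On the sample zone this reports the two day-long TTLs, the duplicate SPF record and the missing DKIM key; feed it the output of a zone export to audit real records.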

In the event that businesses find themselves on the receiving end of one of these DNS issues, Gonyea said that there are steps they can take to get things up and running again.

“[F]irst, confirm the problem by determining whether your DNS servers are returning the proper response when queried directly from several different locations,” he said.

“Immediately verify that the domain name is still under your control and is currently active (not expired), and try to narrow down who/where the issue is occurring. For example, if it’s all Comcast and Google Public DNS users that are having problems and your domain is DNSSEC (DNS security extensions) signed, it’s possible that you’re having DNSSEC issues, since both of those providers use DNSSEC validation. From there, try changing your zone and publishing the change to see if it propagates to the edge DNS network you’re utilizing. Then contact your managed DNS provider to speak with a technical expert.”
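Gonyea's triage reasoning, written out as an added example that is not part of the original article: it classifies per-resolver results for one name and flags DNSSEC when only validating resolvers fail. The observation rows and result codes are constructed; `cd_rcode` is assumed to hold the result of repeating the query with the Checking Disabled bit set (`dig +cd`).

```python
# Constructed observations for one query name, gathered from several vantage points.
OBSERVATIONS = [
    {"source": "ns1 (authoritative)", "kind": "authoritative", "validates": False,
     "rcode": "NOERROR", "cd_rcode": None},
    {"source": "office resolver", "kind": "recursive", "validates": False,
     "rcode": "NOERROR", "cd_rcode": None},
    {"source": "Google Public DNS", "kind": "recursive", "validates": True,
     "rcode": "SERVFAIL", "cd_rcode": "NOERROR"},
    {"source": "Comcast resolver", "kind": "recursive", "validates": True,
     "rcode": "SERVFAIL", "cd_rcode": None},
]

def triage(observations):
    """Map per-resolver results for one name to the most likely fault domain."""
    failing = [o for o in observations if o["rcode"] != "NOERROR"]
    if not failing:
        return "NO_FAILURE"
    # A failure when querying your own servers directly is the first thing to rule out.
    if any(o["kind"] == "authoritative" for o in failing):
        return "AUTHORITATIVE_FAULT"
    only_validators = all(o["validates"] for o in failing)
    all_servfail = all(o["rcode"] == "SERVFAIL" for o in failing)
    healthy_nonvalidator = any(
        not o["validates"] and o["rcode"] == "NOERROR" for o in observations)
    if only_validators and all_servfail and healthy_nonvalidator:
        # A validating resolver that answers once checking is disabled has the
        # data but rejected its signatures.
        if any(o.get("cd_rcode") == "NOERROR" for o in failing):
            return "DNSSEC_CONFIRMED"
        return "DNSSEC_SUSPECTED"
    return "RESOLVER_OR_NETWORK"

def failing_sources(observations):
    """List the vantage points that did not get a NOERROR answer."""
    return [o["source"] for o in observations if o["rcode"] != "NOERROR"]

if __name__ == "__main__":
    print(triage(OBSERVATIONS), failing_sources(OBSERVATIONS))
```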

Mark E. Jeftovic, founder and CEO of easyDNS Technologies, is presently working on a book for O’Reilly Media on DNS issues. Insisting that companies are generally unaware of DNS issues, Jeftovic explained that the whole premise of the book he is writing is that businesses spend large sums of money on all types of redundancies — disaster-proofing and disaster-recovery, for instance — and then compromise these efforts by overlooking DNS.

“They have redundant everything from power supplies on their servers to redundant data centers to even redundant suppliers of gasoline to their backup generators on the roof of the building,” said Jeftovic, who cautioned that his comments are from the authoritative DNS standpoint rather than a DNS resolvers standpoint.

“The whole thing is held up by a $10 domain name sitting on a couple of…name servers that nobody’s even looked at in 10 years, or it’s outsourced to a web hosting company that doesn’t think about the DNS. It’s just a blind spot in a lot of cases. As sophisticated and bulletproof as their overall infrastructure is, it’s sitting on top of a precariously balanced DNS architecture that could fail on them at any time. Usually companies that are the most cognizant of these issues are those that have been burnt by it in the past.”

“Managed DNS providers have the benefit of global reach, high availability and scalability, and full-time DNS and network security experts on staff to help keep websites running smoothly around the clock,” he said. “These dedicated DNS providers operate large-scale DNS networks with multiple data centers across the globe, which allow them to accelerate DNS responses by automatically steering queries to the closest data center, ensuring superior user experiences around the world. They can also deploy fully redundant DNS server configurations and install redundant connections to multiple ISPs to ensure uninterrupted service in the event of equipment failures or network outages.”

Companies that want a preview of the internal DNS issues they could increasingly face in the future should, said Buijs, consider what is happening on the public Internet. He explained that his company projects that the kinds of attacks happening on the public Internet will increasingly occur on internal DNS as well.

Buijs added that companies must understand DNS so that they make the right choices.

“Get knowledgeable about DNS or buy a product that solves a couple of those things,” he explained. “What we do as a company is sell products that make DNS easy to implement…. The tools are there. The services are there…. Microsoft has it embedded, HP has it embedded, Cisco has it embedded. So there should be enough tools and stuff like that to fix problems with DNS.”

For something so important, DNS is a piece of infrastructure that is often given little thought until it stops working. But understanding what it is, what can go wrong with it, and how to get things running smoothly again if problems materialize will help companies to minimize, if not entirely eliminate, downtime.

A Canadian currently based in Ontario, Canada, Ian is a researcher for InfoSec Institute. Over the years, he has written for a number of IT-related sites such as Linux.com, ITManagersJournal.com and ITBusiness.ca.
